Performing the encryption at the source, on the HBA, helps organizations more easily comply with the many regulations around protecting data, according to Shaun Walsh, vice president of corporate marketing for Emulex. If encryption is performed at the target device, then the data is not encrypted "in flight," or during transmission. Some locations, such as the state of Massachusetts, require that consumer data be protected while in flight as well as at rest. Similarly, if the encryption is performed in the storage fabric, it's not protected from the host to the device.
In addition, performing the encryption at the host is recommended as a best practice by organizations such as the Storage Networking Industry Association (SNIA) and the National Institute of Standards and Technology (NIST), Walsh says. The problem with that approach was that encrypting the data at the card affected network performance. Emulex solved this problem by placing additional processors on the card to offload the task and to perform the encryption without degrading network performance. The company also says that its encryption method is less expensive than alternatives, claiming that OneSecure adapters are 50 percent less expensive than encryption arrays and 70 percent less expensive than encryption switches.
The most interesting aspect of the announcement is that, with EMC pushing it, encryption on the HBA is becoming mainstream, says Frank Berry, an analyst with IT Brand Pulse. "If EMC can sell a large number of the adapters, users may see further such integration. Emulex said it was working on a similar product for 10GbE as well. While people have been talking about embedding encryption into other chips for years, basically it won't become pervasive unless users perceive themselves as getting it for free," Berry says.
The HBA is expected to cost $5050 and to be available sometime this summer. It was demonstrated last week at EMC World in Boston. Users manage the device using Emulex's OneCommand management software. It will support Windows and Linux at first release. It is a full-height, half-length card using PCIe Gen 2 technology. Supported encryption algorithms include 128- and 256-bit AES-CBC, and 2x128- and 2x256-bit AES-XTS. Emulex first announced the product in February 2009.